You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Snyk scan found the following vulnerabilities with dependencies.
✗ High severity vuln found in engine.io@3.5.0, introduced via browser-sync@2.26.14
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
From: browser-sync@2.26.14 > socket.io@2.4.0 > engine.io@3.5.0
✗ Medium severity vuln found in glob-parent@5.1.1, introduced via browser-sync@2.26.14
Description: Regular Expression Denial of Service (ReDoS)
Info: https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
From: browser-sync@2.26.14 > chokidar@3.5.1 > glob-parent@5.1.1
Steps to reproduce/test case
Please provide necessary steps for reproduction of this issue, or better the
reduced test case (without any external dependencies).
Please specify which version of Browsersync, node and npm you're running
Browsersync [ 2.26.14 ]
Node [ 14.15.4 ]
Npm [ 6.14.9 ]
Affected platforms
linux
windows
OS X
freebsd
solaris
other (please specify which)
Browsersync use-case
API
Gulp
Grunt
CLI
If CLI, please paste the entire command below
N/A
for all other use-cases, (gulp, grunt etc), please show us exactly how you're using Browsersync
N/A
The text was updated successfully, but these errors were encountered:
I see engine.io already patched their library, unfortunately the patch leads to breaking changes so they publish it in version 4 socketio/engine.io#612
Issue details
Snyk scan found the following vulnerabilities with dependencies.
Steps to reproduce/test case
Please provide necessary steps for reproduction of this issue, or better the
reduced test case (without any external dependencies).
Please specify which version of Browsersync, node and npm you're running
Affected platforms
Browsersync use-case
If CLI, please paste the entire command below
N/A
for all other use-cases, (gulp, grunt etc), please show us exactly how you're using Browsersync
N/A
The text was updated successfully, but these errors were encountered: